This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4239 Views
  • 0 replies
  • 0 Likes

Security Policy Action Options other than Allow/Deny

We have a security rule: Src Zone: InternalSrc User: AnyDest Zone: AnyDest Add: AnyApplication: Application filter which inlucde all online videos (e.g. adobe-media-player, http-video, tvb-video, youtube-base)Action: Deny It works as expected, however some users need to view some business video now. Is there any option to configure 'override' as...

linuss by Not applicable
  • 5198 Views
  • 6 replies
  • 0 Likes

SSL-Out Out Timer

Hi - does somewone know the command to show the current countdown timers for users who have accepted SSL interception?I know there is one as I've run it in the past, but can't for the life of me find it.Thanks

apackard by L4 Transporter
  • 2144 Views
  • 1 replies
  • 0 Likes

Resolved! Panorama & HA Pair questions

I'm just getting started with Pair of 5000's in Active/Passive and plan to manage them via Panorama. Should I be pushing policy to the 'primary' PA firewall or create a device group and push the policy to both? Second question: We plan on bringing up a secondary internret connection in about a year with a building and will be adding another pai...

Jinx by L1 Bithead
  • 3120 Views
  • 2 replies
  • 0 Likes

DNS Proxy question

Hi All,I'm working to configure the PAN (4.1.2) DNS proxy, hopefully to replace the legacy slave dns server.But the adminsitrative guide is good enough to understand to configure it.I'm having hard time getting it to work as desire.Would I able to forward DNS queries to other both external(Internet) and Internal DNS servers on domain?Please advi...

ateo by Not applicable
  • 3651 Views
  • 2 replies
  • 0 Likes

Resolved! Timer to refresh FQDN object entries

Hi,In the "PAN-OS Command Line Interface Reference Guide Release 4.0", we found the following options which specify the refresh times for "FQDN object entries".+ fqdn-forcerefresh-time — Seconds for Periodic Timer to force refresh FQDN object entries (14400-86400) + fqdn-refresh-time — Seconds for Periodic Timer to refresh expired FQDN object en...

Hub by L0 Member
  • 6701 Views
  • 4 replies
  • 0 Likes

PA 5000 Series QoS performance.

Hi there. I have a question regarding of QoS performance of PA 5000 Series. As my know, PA-4000 Series performance is up to 2G when using QoS.how is the performance about PA5000 series??does it has same performance with PA 4000 series?? is it also support up to 2G when using QoS enable?Please let me know.

willstech by L3 Networker
  • 3065 Views
  • 1 replies
  • 0 Likes

Resolved! VPN Authetication with client certificate

Hi, if I configure VPN authentication with client certificate, it will be necesary to enter password?.I don't know if with client certificate you don't need user and password as I've seen in other scenarios. Reading documentation from Palo Alto seems that you will need only password (the name autofill with certificate), but I'm not completely su...

ssancho by L2 Linker
  • 3092 Views
  • 2 replies
  • 0 Likes

Panorama in HA

Hi there!I would like to know if someone is using the Management Panorama in HA (Primary and Secondary). I was looking for information about, but i could not find anything.Thanks in advance!Angel.

Resolved! User-ID Agent XML config and debug

Have successfully installed the UserAgent 4.1.2-2 and it is merrily discovering user authentication events. It is VERY keen to tell me all of this in the UaDebug.log file.How do you reduce the verbosity - there's a "file" somewhere but it's not giving any hints?02/14/12 13:32:59:730[ Info 1642]: ------------Service is being started------------ ...

PA 2020 Active/Passive HA

I am configuring Active/Passive PA 2020 firewall for clustering . I have configured all the parameters for HA including the links(HA1 and HA2). Also the firewall are connected and both the HA interfaces are showing up. I am making One PA Firewall as Active by lowering its device Priority (100)and other as standby (priority 150). I am seeing ,th...

itsecll by L1 Bithead
  • 5360 Views
  • 6 replies
  • 0 Likes

address-group limitation

Hi @all,we’re using a PA-5020 active-passive Firewall-Cluster. We recently noticed that the address-groups are limited to 500 items per group. As we have a list of nearly 1500 items (ip-address and network-addresses) to manage, I want to ask whether there are any performance issues known if we split the items in three or more groups.

Wirecard by Not applicable
  • 2998 Views
  • 2 replies
  • 0 Likes

No username in source-user column of PA-500

Hi AllI have upgraded to PANOS 4.1.2 and user-id-agent 4.1.2-2 in my lab, however when i complete config, and can not select any domain\username in the source user column, but i can sure the connection is ok by command >show user user-id-agent statistics between the unit and user-id-agent.When I downgrade user-id-agent 4.1.2-2 to PanAgent 3....

Third party RADIUS + OTP + Captive Portal

Hi all,We are implementing a Nordic-Edge Server that provides radius and otp services. Once you have enter the user/password credentials in VPN-SSL portal , you get another screen which prompts you for the OTP that is sent by SMS.The auth is OK , but the security policies are based in Active Directory users and groups. In order to solve it we ar...

Resolved! User-ID agent 4.1.0 service logon account permissions.

User-ID agent 3.1.0 ran quite happily on our Domain Controller under a regular domain user account (no group membership apart from the default Domain Users, and I guess "Ran as service" was granted automatically during the installation).The new version of User-ID agent refuses to start the service under that account. No events are loged in Windo...

ST1985 by L1 Bithead
  • 9992 Views
  • 7 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks